Fixed bug that allowed users with local roles gain priviledges on

acquired objects. getRolesInContext did not used the correct context, as defined by the inner-most object wrapping.

Fixed bug that allowed users with local roles gain priviledges on
acquired objects. getRolesInContext did not used the correct context, as defined by the inner-most object wrapping.
822c2ee7 · Jim Fulton · 2911792b · 822c2ee7
Commit 822c2ee7 authored Sep 17, 1999 by Jim Fulton
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

lib/python/AccessControl/User.py lib/python/AccessControl/User.py +2 -1

No files found.
--- a/lib/python/AccessControl/User.py
+++ b/lib/python/AccessControl/User.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """Access control package"""

-__version__='$Revision: 1.90 $'[11:-2]
+__version__='$Revision: 1.91 $'[11:-2]

 import Globals, App.Undo, socket, regex
 from Globals import HTMLFile, MessageDialog, Persistent, PersistentMapping
@@ -133,6 +133,7 @@ class BasicUser(Implicit):
        name=self.getUserName()
        roles=self.getRoles()
        local={}
+        object=getattr(object, 'aq_inner', object)
        while 1:
            if hasattr(object, '__ac_local_roles__'):
                dict=object.__ac_local_roles__ or {}